University unifies fragmented access systems, moves away from prox
At Clemson University, the TigerOne card office’s latest endeavor is creating a new access control system, a pursuit that began in 2012. Steve Robbins, the Executive Director of the TigerOne card office, and Matthew Tegen, the Director of Systems for the TigerOne card office, presented their project and discussed what they wanted to accomplish, the current status of their project, and what they have learned so far.
During a presentation given at NACCU 2017, the pair discussed the highlights and major components of the project at Clemson.
One of the goals of the project was combining four different access systems that have in place for over twenty years: Picture Perfect, Secure Perfect, Von Duprin, and Onity. Having multiple systems in place simultaneously presented certain security and safety risks, and all four systems leveraged either magnetic stripe or prox technology. “Safety is the driver – everything else takes a backseat to that. Safety is the justification for everything,” Tegen says.
Having multiple systems presented safety issues. For example, if the police have access to two or three systems and don’t have access to the fourth system, it can be a potential public safety threat if authorities can't quickly access a building.
Manual data entry posed another risk. Two of the systems, Von Duprin and Onity, leveraged the comparably less secure magnetic stripe, while Picture Perfect and Secure Perfect leverage prox. Clemson was also seeking to remove outdated systems and move toward card encryption to prevent copying. Picture Perfect was no longer receiving security updates and the IT department didn’t feel comfortable using it.
One of the first steps in the security overhaul was to determine the stakeholders in the project. One of the major stakeholders are building security coordinators.
At Clemson, each building is assigned a building security coordinator who in turn has control over cardholder groups, sets schedules on doors, controls buildings' security systems, and decides who receives access privileges. Department system administrators, the departments, students, and faculty, were also crucial stakeholders.
Once Robbins and Tegen finished defining what their project was in their project charter, they needed to create an outline and requirements for it. For this, the steering committee helped identify members for a project team that included a total of twenty people from the campus police department, academics, IT, facilities and the financial department.
“We tried to turn over every stone there was of key stakeholders and identify the essential areas that needed to be represented,” Robbins says.
Together, they created the details for the requirements of their access control system, developed a policy for the access control system, and made budget projections.